Validate a hub and spoke network in Azure using Terraform

Terraform enables the definition, preview, and deployment of cloud infrastructure. Using Terraform, you create configuration files using HCL syntax. The HCL syntax allows you to specify the cloud provider - such as Azure - and the elements that make up your cloud infrastructure. After you create your configuration files, you create an execution plan that allows you to preview your infrastructure changes before they're deployed. Once you verify the changes, you apply the execution plan to deploy the infrastructure.

In this article, you execute the Terraform files created in the previous articles in this series. The result is a validation of the connectivity between the demo virtual networks.

In this article, you learn how to:

  • Implement the Hub VNet in hub-spoke topology
  • Verify the resources to be deployed
  • Create the resources in Azure
  • Verify the connectivity between different networks

1. Configure your environment

  • Azure subscription: If you don't have an Azure subscription, create a free account before you begin.

2. Verify your configuration

In the example directory, verify that all the files created in this article series are present:

File name       Article in which file is created
main.tf         Create a hub and spoke hybrid network topology with Terraform in Azure
variables.tf    Create a hub and spoke hybrid network topology with Terraform in Azure
on-prem.tf      Create on-premises virtual network with Terraform in Azure
hub-vnet.tf     Create a hub virtual network with Terraform in Azure
hub-nva.tf      Create a hub virtual network appliance with Terraform in Azure
spoke1.tf       Create a spoke virtual networks with Terraform in Azure
spoke2.tf       Create a spoke virtual networks with Terraform in Azure

3. Initialize Terraform

Run terraform init to initialize the Terraform deployment. This command downloads the Azure provider required to manage your Azure resources.

    terraform init -upgrade

Key points:

  • The -upgrade parameter upgrades the necessary provider plugins to the newest version that complies with the configuration's version constraints.

4. Create a Terraform execution plan

Run terraform plan to create an execution plan.

    terraform plan -out main.tfplan

Key points:

  • The terraform plan command creates an execution plan, but doesn't execute it. Instead, it determines what actions are necessary to create the configuration specified in your configuration files. This pattern allows you to verify whether the execution plan matches your expectations before making any changes to actual resources.
  • The optional -out parameter allows you to specify an output file for the plan. Using the -out parameter ensures that the plan you reviewed is exactly what is applied.
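One way to review what the saved plan exposes before applying it, as an added example that is not part of the original article or its Terraform files: export the plan with terraform show -json main.tfplan and scan its resource_changes list for public IP addresses, SSH rules open to any source, and unexpected deletes. The resource addresses and rule values in SAMPLE_PLAN are constructed assumptions.

```python
# Added example: review `terraform show -json main.tfplan` output before apply.
# Resource addresses and values in SAMPLE_PLAN are constructed assumptions.
ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}

def open_ssh_rules(rules):
    """Names of inbound allow rules exposing port 22 to any source."""
    return [r.get("name") for r in rules
            if r.get("direction") == "Inbound" and r.get("access") == "Allow"
            and r.get("source_address_prefix") in ANY_SOURCE
            and r.get("destination_port_range") in {"22", "*"}]

def review_plan(plan, allow_delete=False):
    """Return (address, finding) pairs a reviewer should confirm before apply."""
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        after = rc["change"].get("after") or {}
        # A replace shows up as delete+create, so it is caught here too.
        if "delete" in actions and not allow_delete:
            findings.append((rc["address"], "unexpected delete"))
        if not {"create", "update"} & set(actions):
            continue
        if rc["type"] == "azurerm_public_ip":
            findings.append((rc["address"], "public IP address"))
        elif rc["type"] == "azurerm_network_security_group":
            for name in open_ssh_rules(after.get("security_rule") or []):
                findings.append((rc["address"], f"SSH open to any source: {name}"))
    return findings

def change(address, rtype, actions, after=None):
    """Build one constructed resource_changes entry."""
    return {"address": address, "type": rtype,
            "change": {"actions": actions, "after": after}}

SAMPLE_PLAN = {"resource_changes": [
    change("azurerm_public_ip.onprem_pip", "azurerm_public_ip", ["create"], {}),
    change("azurerm_network_security_group.onprem_nsg",
           "azurerm_network_security_group", ["create"],
           {"security_rule": [{"name": "SSH", "direction": "Inbound",
                               "access": "Allow", "source_address_prefix": "*",
                               "destination_port_range": "22"}]}),
    change("azurerm_virtual_network.hub_vnet", "azurerm_virtual_network",
           ["delete", "create"], {}),
]}

if __name__ == "__main__":
    for address, finding in review_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

Pass allow_delete=True when reviewing a plan created with -destroy, where deletes are the expected action.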

5. Apply a Terraform execution plan

Run terraform apply to apply the execution plan to your cloud infrastructure.

    terraform apply main.tfplan

Key points:

  • The example terraform apply command assumes you previously ran terraform plan -out main.tfplan.
  • If you specified a different filename for the -out parameter, use that same filename in the call to terraform apply.
  • If you didn't use the -out parameter, call terraform apply without any parameters.

6. Verify the results

This section shows how to test connectivity from the simulated on-premises environment to the hub VNet.

  1. Browse to the Azure portal.

  2. In the Azure portal, browse to the onprem-vnet-rg resource group.

  3. In the onprem-vnet-rg tab, select the VM named onprem-vm.

  4. Note the Public IP Address value.

  5. Return to the command line and run ssh to connect to the simulated on-premises environment.

    ssh azureuser@<onprem_vm_ip_address>
    

    Key points:

    • If you changed the user name from azureuser in the variables.tf file, make sure to insert that value in the ssh command.
    • Use the password you specified when you ran terraform plan.
  6. Once connected to the onprem-vm virtual machine, run the ping command to test connectivity to the jumpbox VM in the hub VNet:

    ping 10.0.0.68
    
  7. Run the ping command to test connectivity to the jumpbox VMs in each spoke:

    ping 10.1.0.68
    ping 10.2.0.68
    
  8. To exit the ssh session on the onprem-vm virtual machine, enter exit and press <Enter>.

7. Clean up resources

When you no longer need the resources created via Terraform, complete the following steps:

  1. Run terraform plan and specify the destroy flag.

    terraform plan -destroy -out main.destroy.tfplan
    

    Key points:

    • The terraform plan command creates an execution plan, but doesn't execute it. With the -destroy flag, it determines what actions are necessary to remove the resources that Terraform manages for this configuration. This pattern allows you to verify whether the execution plan matches your expectations before making any changes to actual resources.
    • The optional -out parameter allows you to specify an output file for the plan. Using the -out parameter ensures that the plan you reviewed is exactly what is applied.
  2. Run terraform apply to apply the execution plan.

    terraform apply main.destroy.tfplan
    

Troubleshoot Terraform on Azure

Troubleshoot common problems when using Terraform on Azure
